Report
GNU tar xsparse guesses output names with unsafe strcpy/strcat composition
ce45781b-2ca5-4977-912f-d05b2dce8188
In the xsparse helper, output filenames are synthesized from attacker-controlled input names. The code allocates a buffer using an incorrect size expression and then fills it with several strcpy calls, so when the input path's length or shape differs from what the size expression assumed, the copies can overrun the heap allocation.
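As an added illustration of the defensive pattern (this is not GNU tar's code): the buffer is sized from the exact pieces that will be copied, both input shapes (with and without a directory part) are handled, and a single bounded write replaces strcpy/strcat composition. The function name `compose_outname` and the inserted `out/` component are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical example, not the xsparse code: build an output name from an
   untrusted input name by inserting a fixed directory component before the
   last path element. The allocation is derived from the actual lengths of
   the pieces copied, not from an assumed shape of the input. */

#define INSERT_DIR "out/"

/* Returns a freshly allocated output name, or NULL on allocation failure
   or if the bounded write did not produce the expected length.
   Handles both "dir/file" and a bare "file". */
char *compose_outname(const char *name)
{
  const char *slash = strrchr(name, '/');
  size_t dir_len = slash ? (size_t)(slash - name + 1) : 0; /* includes '/' */
  const char *base = name + dir_len;

  /* Exact size: directory part + inserted component + base name + NUL. */
  size_t need = dir_len + strlen(INSERT_DIR) + strlen(base) + 1;
  char *out = malloc(need);
  if (!out)
    return NULL;

  /* One bounded write instead of strcpy/strcat composition. If the return
     value is not exactly the expected length, the size computation and the
     copy disagree, which is precisely the mismatch that overruns a heap
     buffer when unchecked; fail closed instead of trusting the result. */
  int n = snprintf(out, need, "%.*s%s%s", (int)dir_len, name, INSERT_DIR, base);
  if (n < 0 || (size_t)n != need - 1) {
    free(out);
    return NULL;
  }
  return out;
}
```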